Internal Auditors:

As the third line of Défense, internal auditors provide assurance and advisory support to management on internal control. Depending on the jurisdiction, size of the entity, and nature of the business, this function may be required or optional, internal or outsourced, large or small. In all cases, internal audit activities are expected to be carried out by competent and professional resources aligned to the risks relevant to the entity.

The internal audit activity includes evaluating the adequacy and effectiveness of controls in responding to risks within the organization’s oversight, operations, and information systems regarding. For example:

• Reliability and integrity of financial and operational information

• Effectiveness and efficiency of operations and programs

• Safeguarding of assets

• Compliance with laws, rules, regulations, standards, policies, procedures, and contracts

 

All activities within an organization are potentially within the scope of the internal auditor’s responsibility. In some entities, the internal audit function is heavily involved with controls over operations. For example, internal auditors may periodically monitor production quality, test the timeliness of shipments to customers, or evaluate the efficiency of the plant layout. In other entities, the internal audit function may focus primarily on compliance or financial reporting–related activities. In all cases, they demonstrate the necessary knowledge of the business and independence to provide a meaningful evaluation of internal control.

 

The scope of internal auditing is typically expected to include oversight, risk management, and internal control, and assist the organization in maintaining effective control by evaluating its effectiveness and efficiency and by promoting continual improvement. Internal audit communicates findings and interacts directly with management, the audit committee, and/or the board of directors. Internal auditors maintain an impartial view of the activities they audit through their skills and authority within the entity. Internal auditors have functional reporting to the audit committee and/or the board of directors and administrative reporting to the chief executive officer or other members of senior management.

 

Internal auditors are objective when not placed in a position of subordinating their judgment on audit matters to that of others and when protected from other threats to their objectivity. The primary protection against these threats is appropriate internal auditor reporting lines and staff assignments. These assignments are made to avoid potential and actual conflicts of interest and bias. Internal auditors do not assume operating responsibilities, nor are they assigned to audit activities with which they were involved recently in connection with prior operating assignments.